Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2021-11-03 17:25:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libqt5-qtwebengine" Wed Nov 3 17:25:23 2021 rev:74 rq:928291 version:5.15.7 Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes 2021-09-26 21:49:21.090825011 +0200 +++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890/libqt5-qtwebengine.changes 2021-11-03 17:26:00.437328736 +0100 @@ -1,0 +2,65 @@ +Fri Oct 29 09:53:05 UTC 2021 - christophe@krop.fr + +- Update to version 5.15.7: + * Update Chromium: + [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms + [Backport] sandbox: linux: allow clock_nanosleep & gettime64 + [Backport] Linux sandbox: update syscall numbers for all platforms. + [Backport] Ease HarfBuzz API change with feature detection + [Backport] Security bug 1248665 + [Backport] CVE-2021-37975 : Use after free in V8 + [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox + [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) + [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) + [Backport] CVE-2021-37978 : Heap buffer overflow in Blink + [Backport] CVE-2021-30616: Use after free in Media. + [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) + [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) + [Backport] CVE-2021-37973 : Use after free in Portals + [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. + [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API + [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API + [Backport] Linux sandbox: return ENOSYS for clone3 + [Backport] Linux sandbox: fix fstatat() crash + [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" + [Backport] Security bug 1238178 (2/2) + [Backport] Security bug 1238178 (1/2) + [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) + [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) + [Backport] CVE-2021-30630: Inappropriate implementation in Blink + [Backport] CVE-2021-30629: Use after free in Permissions + [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE + [Backport] CVE-2021-30627: Type Confusion in Blink layout + [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE + [Backport] CVE-2021-30625: Use after free in Selection API + [Backport] Security bug 1206289 + [Backport] CVE-2021-30613: Use after free in Base internals + [Backport] Security bug 1227228 + [Backport] CVE-2021-30618: Inappropriate implementation in DevTools + * Update patch level + * Blacklist certificate test until certicates have been renewed + * Block CORS from local URLs when remote access is not enabled + * Do not wait on weak_pointer for termination errors + * Support MSVC_VER 16.8 + * Fix wrong save file filter for Markdown Editor example + * Add Chromium version source documentation + * Bump version from 5.15.6 to 5.15.7 + * Fix crash when clicking on a link in PDF +- Drop openSUSE patches: + * fix1163766.patch. Should be addressed with: + https://github.com/qt/qtwebengine-chromium/commit/652f834de + https://github.com/qt/qtwebengine-chromium/commit/faae106ed + https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf + * chromium-glibc-2.33.patch. Should be addressed with the + [Backport] Linux sandbox: fix fstatat() crash and + Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" + changes. + * chromium-older-harfbuzz.patch +- Drop upstream changes: + * 0001-return-ENOSYS-for-clone3.patch + * chromium-harfbuzz-3.0.0.patch + * skia-harfbuzz-3.0.0.patch +- Rebase patches: + * sandbox-statx-futex_time64.patch + +------------------------------------------------------------------- Old: ---- 0001-return-ENOSYS-for-clone3.patch chromium-glibc-2.33.patch chromium-harfbuzz-3.0.0.patch chromium-older-harfbuzz.patch fix1163766.patch qtwebengine-everywhere-src-5.15.6.tar.xz skia-harfbuzz-3.0.0.patch New: ---- qtwebengine-everywhere-src-5.15.7.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtwebengine.spec ++++++ --- /var/tmp/diff_new_pack.ubc07p/_old 2021-11-03 17:26:12.589335382 +0100 +++ /var/tmp/diff_new_pack.ubc07p/_new 2021-11-03 17:26:12.589335382 +0100 @@ -29,35 +29,26 @@ %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries Name: libqt5-qtwebengine -Version: 5.15.6 +Version: 5.15.7 Release: 0 Summary: Qt 5 WebEngine Library License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only Group: Development/Libraries/X11 URL: https://www.qt.io %define base_name libqt5 -%define real_version 5.15.6 -%define so_version 5.15.6 +%define real_version 5.15.7 +%define so_version 5.15.7 %define tar_version qtwebengine-everywhere-src-%{version} Source: %{tar_version}.tar.xz # PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6 Patch0: armv6-ffmpeg-no-thumb.patch # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff Patch1: disable-gpu-when-using-nouveau-boo-1005323.diff -Patch2: fix1163766.patch -Patch3: sandbox-statx-futex_time64.patch +Patch2: sandbox-statx-futex_time64.patch # PATCH-FIX-OPENSUSE -Patch4: rtc-dont-use-h264.patch +Patch3: rtc-dont-use-h264.patch # PATCH-FIX-UPSTREAM -Patch5: chromium-glibc-2.33.patch -# PATCH-FIX-UPSTREAM -Patch6: 0001-Fix-build-with-glibc-2.34.patch -# PATCH-FIX-UPSTREAM -Patch7: 0001-return-ENOSYS-for-clone3.patch -Patch8: chromium-harfbuzz-3.0.0.patch -Patch9: skia-harfbuzz-3.0.0.patch -# PATCH-FIX-OPENSUSE -Patch10: chromium-older-harfbuzz.patch +Patch4: 0001-Fix-build-with-glibc-2.34.patch # http://www.chromium.org/blink is not ported to PowerPC & s390 ExcludeArch: ppc ppc64 ppc64le s390 s390x # Try to fix i586 MemoryErrors with rpmlint ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ubc07p/_old 2021-11-03 17:26:12.625335402 +0100 +++ /var/tmp/diff_new_pack.ubc07p/_new 2021-11-03 17:26:12.625335402 +0100 @@ -1,11 +1,11 @@ <services> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">enable</param> - <param name="version">5.15.6</param> + <param name="version">5.15.7</param> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> <param name="scm">git</param> <param name="filename">qtwebengine-everywhere-src</param> - <param name="revision">v5.15.6-lts</param> + <param name="revision">v5.15.7-lts</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ubc07p/_old 2021-11-03 17:26:12.641335411 +0100 +++ /var/tmp/diff_new_pack.ubc07p/_new 2021-11-03 17:26:12.641335411 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> - <param name="changesrevision">2acbba86362ac3a1c2d8c20390dc263875f8f09c</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">f0a1cb8da24518c03858b85378f9ad82b0603a1a</param></service></servicedata> \ No newline at end of file ++++++ qtwebengine-everywhere-src-5.15.6.tar.xz -> qtwebengine-everywhere-src-5.15.7.tar.xz ++++++ /work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.6.tar.xz /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890/qtwebengine-everywhere-src-5.15.7.tar.xz differ: char 15, line 1 ++++++ sandbox-statx-futex_time64.patch ++++++ --- /var/tmp/diff_new_pack.ubc07p/_old 2021-11-03 17:26:12.669335427 +0100 +++ /var/tmp/diff_new_pack.ubc07p/_new 2021-11-03 17:26:12.673335428 +0100 @@ -8,11 +8,11 @@ futex_time64 is also used internally in glibc, so handle that as well. The signature is identical where it matters. -diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -index 3c67b124786..4772dc096f5 100644 +diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +index 6f7768f7d..b3335e2bf 100644 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -@@ -194,6 +194,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, +@@ -203,6 +203,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, if (sysno == __NR_futex) return RestrictFutex(); @@ -24,8 +24,8 @@ if (sysno == __NR_set_robust_list) return Error(EPERM); -@@ -257,6 +262,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, - return RestrictKillTarget(current_pid, sysno); +@@ -283,6 +288,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + return RewriteFstatatSIGSYS(fs_denied_errno); } +#if defined(__NR_statx)